-
Ahmed A. Alkaysi commented on the post, Social Engineering: Securing Workers In The Digital Age, on the site 8 years ago
Many good points Anthony. There are many steps people can take to avoid being in a situation where they will be targeted by an effective social engineering campaign. Too often I see what should be private information made public on social media. The first step of securing ones personal info, don’t post it. Don’t tell them what team you are on at…[Read more]
-
Ahmed A. Alkaysi commented on the post, “How To Crash A Drone By Hacking Its 3D Propeller Design”, on the site 8 years ago
Wow very interesting article Mengqi. This is concerning as 3d printers are becoming mainstream. Good point on the fact that IT experts as well as industry experts would need to work together in order for this type of attack to be successful. I can see how these attacks can be launched by state sponsored actors with a political agenda, as the…[Read more]
-
Ahmed A. Alkaysi wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years ago
There has been another recent wide-scale DDoS attack, this time against Dyn DNS service. This company provides DNS service to Twitter, Etsy, GitHub, Souncloud, PagerDuty, Spotify, Shopify, Airbnb, Intercom and […]
-
Ahmed A. Alkaysi commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
I am super paranoid about connect to any open Wifi network. It is so easy to hijack an open wifi or just have a fake one setup. It is just not worth the risk to connect to an open network. One thing to keep in mind, even you if decide to connect on open wifi and you might not even check your email or social media, you are still connecting using…[Read more]
-
Ahmed A. Alkaysi commented on the post, Android banking Trojan tricks victims to submit a selfie holding their ID card, on the site 8 years, 1 month ago
Interesting article Vaibhav. Very scary, and hopefully people aren’t gullible enough to send a selfie of their ID card, especially if its related to an adult video app..I’m sorry, but if you get tricked into doing this, then its your fault.
-
Ahmed A. Alkaysi commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
Exactly. Agencies need to take a pro-active approach to cyber security, but just deciding to upgrade it because it is “old” is ridiculous.
-
Ahmed A. Alkaysi commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
This is why it is extremely important to have some sort of security control measures in place. Even the most basic will include requirements for 2 factor authentication or knowing what systems are connected to the networks. It always seems like Government entities have the worse security measures in place.
-
Ahmed A. Alkaysi commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
Having a month dedicated to cyber security has been a good idea. At work, we have been bombarded with messages regarding Cyber Security national awareness month. I believe the general public is becoming more aware with IT security in general. Organizations need to continue sending messages out so that more people will become interested in security…[Read more]
-
Ahmed A. Alkaysi wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
This article discusses the system, Acars, which is a decades old air-traffic messaging system, in need of a possible upgrade. Acars is used by airplanes to provide information on the status of aircraft components […]
-
That is very true. It would be hard to upgrade a system, from a security perspective, based on the system being old. If you can’t tell why the system is vulnerable, how it can be exploited, and what are the risks associated with it being compromised, than you really don’t have a case to make the upgrade. I would assume that the ACARS system would not be cheap to replace, and spending that kind of money without any due-delligience would replicate the unknown vulnerabilities or just make the same system by sticking a new label on it.
-
Exactly. Agencies need to take a pro-active approach to cyber security, but just deciding to upgrade it because it is “old” is ridiculous.
-
-
-
Ahmed A. Alkaysi commented on the post, “Businesses Sacrifice Security to Get Apps Released Faster”, on the site 8 years, 1 month ago
Interesting article Mengqi. Companies should do the contrary, making sure their apps are secured before releasing it to the public It doesn’t matter how fast an app is release, if it has security flaws than it will be a terrible product and customers will not use it. Better to be slow and secured, than fast and flawed. As security is now a hot…[Read more]
-
Ahmed A. Alkaysi commented on the post, Weekly Question #8: Complete by November 2, 2017, on the site 8 years, 1 month ago
This will always be an issue when you are using electronic devices to satisfy the election. Maybe its time to go back to paper voting and manually count the votes. Might sound primitive, but at least it will mitigate the fraud that most likely goes on using electronic devices.
-
Ahmed A. Alkaysi posted a new activity comment 8 years, 1 month ago
Hacking and disrupting nuclear plants is a huge issue. I remember there was a virus called “Stuxnet” that disrupted Iranian nuclear ambitions. It turns out that virus was created by America and Israel. One of the fears with using the virus was the possibility of it getting out and being used on other nuclear facilities. This might be the same type…[Read more]
-
Ahmed A. Alkaysi commented on the post, Hack warnings prompt cyber 'security fatigue', on the site 8 years, 1 month ago
I can totally relate to this issue. When you need to login to multiple apps and environments, it gets frustrating to create a brand new “strong” password for each. A lot of times I would need to reset a password, just to forget it again. Sadly, to solve this problem, there is little variance between my passwords now, although I try not to keep…[Read more]
-
Ahmed A. Alkaysi wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
This article talks about how users of Spotify’s free service have noticed that many advertisements automatically open their web browser, without them clicking on the advertisement. These websites contain virus […]
-
This is an extremely interesting article. If think outside the bounds of just Spotify, a lot of freemium apps provide ads in exchange for their service, e.g., Facebook, games, etc. If these companies do not properly screen the ads that they add into their network they are making hundreds, thousands, or even billions of people vulnerable to malicious attacks on their devices without the consumers knowledge. So how could we as consumers protect ourselves if we entrust these companies to screen for these types of attacks?
-
I agree with Loi Van – these companies should be required to do more due diligence and vulnerability testing for their advertisers to protect their customers.
In the meantime, I’ll be happy to pay my Spotify bill this month knowing that I’m not vulnerable to this threat. Can’t really complain with the $5 per month student rate for this service!
-
To answer your question Loi Van, I believe one of the best ways to force companies to go the extra mile to ensure full protection is for us (consumers) to start taking cyber security more seriously as we should. We have to make them feel cyber security is an important factor in the services big organizations offer. Hopefully Spotify addresses this quickly before it gets worse. Has Spotify commented on what happened and how they’re addressing this? I’m assuming they did, but couldn’t find anything so far.
-
-
Ahmed A. Alkaysi commented on the post, QUBES OS: A Reasonably Secure Operating System, on the site 8 years, 1 month ago
This is pretty interesting and really cool Instead of having to manage multiple VM machines, I guess this OS manages it for you. I will definitely check this OS out. Regarding isolation, what you said make sense. It will always be a cat-and-mouse game when it comes to cyber security. Maybe the best thing to do is just isolate and mitigate as much…[Read more]
-
Ahmed A. Alkaysi posted a new activity comment 8 years, 1 month ago
Good point on the use of business tactics in order to scale their “company”. They run their businesses (cyber Mafias) more effectively than a lot of other legitimate businesses, I have link below that describes the different techniques they use to run their organized crime like a…[Read more]
-
Ahmed A. Alkaysi posted a new activity comment 8 years, 1 month ago
I get nervous when ever we call code “unhackable.” I don’t believe anything is ever “unhackable.” It’s good we are spending a lot of time to make sure the code is as locked down as possible before it is sent to production. I think following general security standards while developing, will reduce a majority of the vulnerabilities we face today.
-
Ahmed A. Alkaysi commented on the post, Today's Cybersecurity Management Requires A New Approach, on the site 8 years, 1 month ago
I agree Loi. A combination of white/blacklisting is best. The company should know “what is bad”, and certainly should not allow ANY app on its networks. Whitelisting an app should not mean that no attention will be paid to it, I believe it still needs to undergo vulnerability scans and have logs checked every once in a while to insure it has not…[Read more]
-
Ahmed A. Alkaysi wrote a new post on the site ITACS 5211: Introduction to Ethical Hacking 8 years, 1 month ago
Cisco forgot to remove an internal testing interface from software releases for email security appliances. This vulnerability allows the attacker to gain full access to the affected device with root privileges. To […]
-
This goes back to some of the things we discussed in class regarding pen testers and ethical hackers leaving in back doors after they’ve completed the test. This is worst because attackers don’t even need to authenticate themselves to get root access. For a big company like CISCO to be so negligent in this respect is definitely not good for business.
-
Nice article and very good piece of information too. This is the sort of catastrophic outcome a simple mistake can produce in the cyber security world. Hackers wouldn’t have to do much work at the Reconnaissance stage to cause damage with vulnerabilities like these. Hopefully Cisco takes necessary measures to avoid repeating such mistakes.
-
-
Ahmed A. Alkaysi posted a new activity comment 8 years, 1 month ago
You are totally right Loi. The culture at Wells Fargo has really created an environment where salespeople are pressured into opening these fake accounts. I read many articles where former workers felt they were getting fired if they didn’t meet the quota, and how they were stressed out all the time. It was easy for this crook to target 8′ accounts…[Read more]
- Load More